From 7635def2fa96deac8fbc29599ef17e355181ade5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=88=98=E7=A5=A5=E8=B6=85?= Date: Sat, 21 May 2022 22:15:11 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E8=87=AA=E5=8A=A8=E4=BD=BF?= =?UTF-8?q?=E7=94=A8=E6=9C=AC=E5=9C=B0=E9=98=B2=E7=81=AB=E5=A2=99=E5=BB=B6?= =?UTF-8?q?=E9=95=BF=E5=B0=81=E7=A6=81=E6=97=B6=E9=97=B4=E9=80=BB=E8=BE=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- internal/nodes/client_listener.go | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/internal/nodes/client_listener.go b/internal/nodes/client_listener.go index 42b799e..2c2a1b9 100644 --- a/internal/nodes/client_listener.go +++ b/internal/nodes/client_listener.go @@ -42,10 +42,10 @@ func (this *ClientListener) Accept() (net.Conn, error) { ip, _, err := net.SplitHostPort(conn.RemoteAddr().String()) if err == nil { canGoNext, _ := iplibrary.AllowIP(ip, 0) + var beingDenied = !waf.SharedIPWhiteList.Contains(waf.IPTypeAll, firewallconfigs.FirewallScopeGlobal, 0, ip) && + waf.SharedIPBlackList.Contains(waf.IPTypeAll, firewallconfigs.FirewallScopeGlobal, 0, ip) - if !canGoNext || - (!waf.SharedIPWhiteList.Contains(waf.IPTypeAll, firewallconfigs.FirewallScopeGlobal, 0, ip) && - waf.SharedIPBlackList.Contains(waf.IPTypeAll, firewallconfigs.FirewallScopeGlobal, 0, ip)) { + if !canGoNext || beingDenied { tcpConn, ok := conn.(*net.TCPConn) if ok { _ = tcpConn.SetLinger(0) @@ -54,9 +54,11 @@ func (this *ClientListener) Accept() (net.Conn, error) { _ = conn.Close() // 使用本地防火墙延长封禁 - var fw = firewalls.Firewall() - if fw != nil && !fw.IsMock() { - _ = fw.DropSourceIP(ip, 60) + if beingDenied { + var fw = firewalls.Firewall() + if fw != nil && !fw.IsMock() { + _ = fw.DropSourceIP(ip, 60) + } } return this.Accept()